stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

No Input Validation

Summary

No input validation in the addWhitelistedChain() function

Vulnerability Details

The addWhitelistedChain() function in the provided smart contract is responsible for adding a new chain to the list of whitelisted chains. This function takes four parameters: _chainSelector, _destination, _updateExtraArgs, and _rewardsExtraArgs. However, the function does not perform any validation on these inputs.

Impact

This lack of input validation could lead to several issues. For instance, a malicious actor could pass an invalid _chainSelector or _destination to exploit the function. Similarly, if a null or empty byte array is passed to _updateExtraArgs or _rewardsExtraArgs, it could lead to unexpected behavior or vulnerabilities.

Recommendations

Add checks to validate the inputs to the addWhitelistedChain() function. This involves checking that _chainSelector is not zero, _destination is not the zero address, and _updateExtraArgs and _rewardsExtraArgs are not null or empty.

    function addWhitelistedChain(
        uint64 _chainSelector,
        address _destination,
        bytes calldata _updateExtraArgs,
        bytes calldata _rewardsExtraArgs
    ) external onlyOwner {
        require(_chainSelector != 0, "Invalid chain selector");
        require(_destination != address(0), "Invalid destination address");
        require(_updateExtraArgs.length > 0, "Update extra arguments cannot be empty");
        require(_rewardsExtraArgs.length > 0, "Rewards extra arguments cannot be empty");
        // Rest of the function...
    }

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
